roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix session cookie name collision when running multiple PIC instances on localhost

Browse Source 
Flask's default cookie name ('session') is shared across all ports on the same
hostname. When two PIC instances are accessed via localhost:portA and localhost:portB,
logging into one overwrites the other's session cookie, causing repeated logouts.

Derive a unique 8-hex suffix from each instance's persistent SECRET_KEY and set
SESSION_COOKIE_NAME = 'pic_sess_<suffix>'. This ensures each cell uses a distinct
cookie name, so sessions are fully isolated regardless of hostname.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-05-04 09:15:42 -04:00
parent 28a193e430
commit ac0c16c97b
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_auth_routes.py
+1 -1
View File
@@ -152,7 +152,7 @@ def test_login_success(app_client):
def test_login_success_sets_session_cookie(app_client):
r = _login(app_client, 'admin', 'AdminPass123!')
assert r.status_code == 200
assert 'session' in (r.headers.get('Set-Cookie', '') or '')
assert 'pic_sess_' in (r.headers.get('Set-Cookie', '') or '')
def test_login_wrong_password(app_client):